CVE-2020-0407

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to the use of 64-bit Initialization Vectors (IVs) in f2fs encryption, which are later truncated to 32 bits due to hardware limitations that only support 32-bit IVs. This may cause IV reuse, resulting in weakened disk encryption. The exploitation of this issue could lead to local information disclosure and requires System execution privileges. User interaction is not necessary for exploitation.

Recommendations For Android kernel, consider applying configuration changes to mitigate the risk of IV reuse, such as using encryption modes that are less susceptible to IV reuse attacks, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.